Security Briefing 4-24-2018

Security Briefing 4-24-2018

11 months ago Andy Harrover

On Tuesday, Department of Justice (DOJ) prosecutors asked a San Francisco federal court judge to impose that sentence on Karim Baratov, a Canadian citizen born in Kazakhstan who was indicted in March 2017 for working with two officers of the Russian Federal Security Service (FSB) -that’s Russia’s successor to the KGB – to pull off the historic Yahoo breach. They asked for nearly 8 years.

A group named GOLD GALLEON has targeted global maritime shipping companies– As part of the BEC social engineering scheme, actors usually employ spear-phishing emails to steal email credentials of individuals responsible for handling business transactions. This allows them to intercept emails between involved parties, modify financial documents, and redirect funds to attacker-controlled bank accounts.

Foxit has addressed over a dozen vulnerabilitiesin their PDF Reader, a free application that provides users with an alternative to Adobe Acrobat Reader.

A new security standard announced Tuesday, WebAuthn, has won near-final approval from the World Wide Web Consortium, which establishes Web standards. It is based on a specification written by the FIDO Alliance, can make the Internet more secure for consumers. It uses public key cryptography and is resistant to phishing attacks.

A former employee stole data on 1.5 million customers, Atlanta-based SunTrust Banks announced on Friday. The stolen information includes names, addresses, and phone numbers, along with certain account balances, as this was the data included in the contact lists, the company confirmed.